SMRL: A Metamorphic Security Testing Tool for Web Systems

Cited by: 5
Authors
Mai, Phu X. [1]
Goknil, Arda [1]
Pastore, Fabrizio [1]
Briand, Lionel C. [1, 2]
Affiliations
[1] Univ Luxembourg, SnT, Luxembourg, Luxembourg
[2] Univ Ottawa, Ottawa, ON, Canada
Funding
European Research Council
DOI
10.1145/3377812.3382152
Chinese Library Classification (CLC) number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: https://youtu.be/9kx6u9LsGxs.
Pages: 9 - 12
Number of pages: 4
Related papers
50 in total
  • [41] A Metamorphic Testing Approach for Assessing Question Answering Systems
    Tu, Kaiyi
    Jiang, Mingyue
    Ding, Zuohua
    MATHEMATICS, 2021, 9 (07)
  • [42] Metamorphic Testing on Multi-module UAV Systems
    Li, Rui
    Liu, Huai
    Lou, Guannan
    Zheng, Xi
    Liu, Xiao
    Chen, Tsong Yueh
    2021 36TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING ASE 2021, 2021 : 1171 - 1173
  • [43] Security Benchmarks for Web Serving Systems
    Mendes, Naaliel
    Madeira, Henrique
    Duraes, Joao
    2014 IEEE 25TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), 2014 : 1 - 12
  • [44] Metamorphic Model-based Testing of Autonomous Systems
    Lindvall, Mikael
    Porter, Adam
    Magnusson, Gudjon
    Schulze, Christoph
    2017 IEEE/ACM 2ND INTERNATIONAL WORKSHOP ON METAMORPHIC TESTING (MET 2017), 2017 : 35 - 41
  • [45] Metamorphic testing of decision support systems: a case study
    Kuo, F. -C.
    Zhou, Z. Q.
    Ma, J.
    Zhang, G.
    IET SOFTWARE, 2010, 4 (04) : 294 - 301
  • [46] Uzilla: A new tool for Web usability testing
    Edmonds, A
    BEHAVIOR RESEARCH METHODS INSTRUMENTS & COMPUTERS, 2003, 35 (02) : 194 - 201
  • [47] Uzilla: A new tool for Web usability testing
    Andy Edmonds
    Behavior Research Methods, Instruments, & Computers, 2003, 35 : 194 - 201
  • [48] WAPTT - Web Application Penetration Testing Tool
    Duric, Zoran
    ADVANCES IN ELECTRICAL AND COMPUTER ENGINEERING, 2014, 14 (01) : 93 - 102
  • [49] WebMark: A tool for testing Web server performance
    Zhang, Guang-Yan
    Zheng, Ming-Yang
    Ju, Jiu-Bin
    Ruan Jian Xue Bao/Journal of Software, 2003, 14 (07) : 1318 - 1323
  • [50] WebSob: A tool for robustness testing of web services
    Martin, Evan
    Basu, Suranjana
    Xie, Tao
    29TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: ICSE 2007 COMPANION VOLUME, PROCEEDINGS, 2007 : 65 - +